ISO 27001 – Mandatory Clauses

Developing an ISO 27001 compliant Information Security Management System (ISMS) requires a highly planned and coordinated approach. To help you lay the groundwork of your system, we previously covered the core activities required when planning the implementation of a cohesive ISMS, including leadership support, project scope, and the Statement of Applicability. Now we are ready…

ISO 27001 – Implementation & Leadership Support

The industry standard for information security management, ISO 27001 provides a structured framework for data security, privacy compliance, risk management, and operational assurance. In our 8-part Guide to ISO 27001, we will provide you with essential guidance on protecting your assets, creating an ISO 27001 compliant information security management system (ISMS), leveraging your…

Information Security Compliance in Canada

The digital era has enabled companies to connect with consumers and deliver value in more ways than ever before. However, it simultaneously raises the potential for data breaches and cyber-attacks. In a bid to minimize these risks, governments and lawmakers are enforcing stringent information security and compliance regulations around the world to help combat threats…

Privacy Assurance

As we approach the end of our Guide to Data Privacy and Security, let’s recap our previous publications. To help you and other data protection professionals get started with your own data privacy and security programs, we discussed multiple elements and points of consideration, sharing tips and providing solutions along the way to help you…

Creating Your Information Security Risk Register

A risk register is the foundational document that supports your organization’s cyber-risk and information security management program. Information security programs, regardless of company size, are developed with a single goal in mind: to implement controls that protect your business’ critical assets. An effective information security program depends on identifying risks and implementing controls to treat those risks. The risk register contains a detailed list of all the potential and probable risks along with risk levels. It is a living record of risks that can adversely impact business objectives…

Data Categorization & Mapping

Previously in our Guide to Data Privacy and Security, we discussed all the intricacies of third-party management and why companies should have a process to assess and monitor suppliers. Now it is time to discuss the flow of your data – how it is categorized, mapped and what is legally required by privacy regulations such as…

Data Processing Agreements

Up to this point in our Guide to Data Privacy and Security, we have covered how to prepare and build your data privacy framework, explored both policies and procedures, defined the role of accountability, provided some guidelines to create an effective third-party management process, and the best approach and tools to assess your vendors. Now, let’s consider you were successful in structuring an assessment process, and you have approved a vendor from a…

Product Update | February 2021

In this update, we are adding some highly requested features including customizable risk Heatmaps, Organizational Scopes, Control Implementations, and improved Policy Versioning.

Heat Maps 2.0: Add context to your data sets and summarize your risk assessment results with our new Heatmap charts. Provide your team with a snapshot of your Risk Analysis to quickly develop a targeted plan of action. Customize your Heatmaps by selecting chart type, style, and cut-off limits.

Policy Versioning Improvements: Simplify…